CVE-2014-7959

CVSS V2 Medium 6.5 CVSS V3 None

Description

SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.

Overview

CVE ID
CVE-2014-7959

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2014-11-06T15:55:08

Last Modified Date
2021-12-15T21:02:41

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:ait-pro:bulletproof_security:.44:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.44.1:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.1:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.2:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.3:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.4:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.5:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.6:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.7:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.8:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.45.9:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.1:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.2:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.3:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.4:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.5:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.6:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.7:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.8:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.46.9:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.1:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.2:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.3:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.4:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.5:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.6:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.7:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.8:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.47.9:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.1:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.2:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.3:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.4:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.5:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.6:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.7:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.8:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.48.9:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.1:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.2:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.3:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.4:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.5:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.6:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.7:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.8:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.49.9:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.1:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.2:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.3:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.4:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.5:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.6:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.7:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.8:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.50.9:::::wordpress::	1	OR
cpe:2.3:a:ait-pro:bulletproof_security:.51:::::wordpress::	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
SINGLE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6.5

Severity
MEDIUM

Exploitability Score
8

Impact Score
6.4

References

Reference URL	Reference Tags
http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html	Exploit Third Party Advisory VDB Entry
https://wordpress.org/plugins/bulletproof-security/changelog/	Patch Vendor Advisory
http://www.securityfocus.com/bid/70918	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/533904/100/0/threaded	Third Party Advisory VDB Entry

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2014-7959
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7959

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 06:41:07				Added to TrackCVE
2022-12-02 02:12:43	2014-11-06T15:55Z	2014-11-06T15:55:08	CVE Published Date	updated
2022-12-02 02:12:43		2021-12-15T21:02:41	CVE Modified Date	updated
2022-12-02 02:12:43		Analyzed	Vulnerability Status	updated